Target Confirms POS Malware, Pledges Campaign

Target Corp. CEO Greg Steinhafel revealed Monday that malware placed on POS devices in its stores enabled what has turned into one of the largest reported thefts ever of consumer data.

“We don't know the full extent of what transpired, but what we do know was there was malware installed on our point-of-sale registers,” Steinhafel said in an interview on CNBC. “We removed that malware so that we could provide a safe and secure shopping environment.”

Target had first announced on Dec. 19 that thieves had stolen PIN and CVV codes and other data from 40 million cards used at the chain’s nearly 1,800 stores over the holidays, and then later revealed that information including mailing and email addresses and phone numbers from 70 million individuals also had been taken.

The company said it also hopes to take a lead in encouraging the adoption of EMV chip-and-PIN cards in the United States and will pour $5 million into a new coalition to help educate the public about cyberscams.

On Monday, Steinhafel said in a statement, “Target has a longstanding history of commitment to our communities, and cybersecurity is one of the most pressing issues facing consumers today. We are proud to be working with three trusted organizations – the National Cyber-Forensics and Training Alliance, National Cyber Security Alliance and Better Business Bureaus – to advance public education around cybersecurity.”

The group plans to meet later this week in Washington.

Target also has taken down 13 phishing sites that were preying on confused shoppers, Steinhafel said, and has begun offering a year of free identity theft protection and credit monitoring.